IS Risk Compliance & Governance Engineer
Ref No.: 18-00306
Location: Parsippany, New Jersey
Position Type: Right to Hire
Start Date: 06/29/2018
Currently seeking an IS Risk & Compliance Lead Analyst to assist in the development, enhancement and execution of the company's Information Security Risk and Compliance Programs. The primary focus of this role will be to enhance the design and ensure the execution of the company's IT General Controls, which include the quarterly control self-assessment. Overall, he/she will ensure that adequate and effective controls are in place and aligned to deliver compliance with the Company's Information Security Standards and regulatory requirements.

Key Accountabilities 
• Manage the IT SOX Compliance Program. Enhance and/or develop IT General Controls that are efficient and effective. Lead the execution of the quarterly ITGC self-assessment process.
• Lead the development of a PII (Personally Identifiable Information) Data Protection Program. Partner with Legal to ensure IT standards and processes adhere to laws and regulatory requirements. 
• Lead, assist and/or support the Vulnerability Management Program and other programs as needed. 
• Assist and/or manage internal and external audits. 
• Manage, track and monitor corrective action plans for audit findings, standards exceptions and control deficiencies. 

Required Qualifications:
• 5-8 years of experience in IT Information Security Risk and Compliance
• 2-4 years of experience with Network, Infrastructure and Application Security 
• Strong technical knowledge of applicable regulatory requirements including Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS), with working knowledge of ISO framework. 
• General knowledge of applicable data privacy practices and laws. 
• Demonstrated understanding of project management principles. 
• Excellent written and oral communication skills. 
• Excellent interpersonal skills and customer service skills. 
• Ability to conduct and direct research into risk/compliance issues and products as required. 
• Highly self-motivated and directed. 
• Attention to detail. 
• Proven analytical, evaluative, and problem-solving abilities. 
• Ability to effectively prioritize and execute tasks in a high-pressure environment. 
• Extensive experience working in a team-oriented, collaborative environment. 

Preferred Qualifications:
• PCIP, CISSP or past ISA Certifications
• Hands-on experience with various security products, e.g. Rapid7, WhiteHat Sentinel, McAfee, Tripwire, CyberArk, Guardium, Palo Alto firewalls, QRadar
• Proven, in-depth technical knowledge of Information Security principles and processes, and of writing IT policy.
• Proven experience in a Governance, Risk & Compliance (GRC) framework. RSA Archer a plus!